DOCUMENT-IDENTIFIER: US 6185683 B1

** See image for Certificate of Correction ** 

TITLE: Trusted and secure techniques, systems and methods for item delivery and 
execution 

Application Filing Date (1):
19981228

Brief Summary Text (33):

Some secure facsimile machines such as those used by government and military
organizations, or by companies needing a significantly higher level of security
provide an extra security/authentication step to ensure that the intended recipient
is physically present at the receiving facsimile machine before the sender's machine
will transmit the document. In addition, it is possible to use encryption to prevent
the facsimile-transmitted information from being understood by electronic
eavesdroppers. However, such specially equipped facsimile machines tend to be very
expensive and are not generally available for common commercial facsimile traffic.
Moreover, facsimile machines typically can send and receive documents only--and
therefore are not very versatile. They do not, for example, handle digital items
such as audio, video, multimedia, and executables, yet these are increasingly part
and parcel of communications for commerce and other purposes. Thus, despite its many
advantages, facsimile transmissions do not provide the very high degree of
trustedness and confidence required by extremely confidential documents, nor do they
provide the degree of flexibility required by modern digital communications. As with
Express Courier Services and Registered Mail, faxing can only indicate that the
package was delivered to the intended recipient (or his or her home or place of
business)--and not that the intended recipient opened the package or read or saw or
used the document.

Brief Summary Text (45):
C. secure database

Brief Summary Text (124):

In addition to multiple individuals and/or parties in several organizations, a
trusted go-between may also provide services to parties within a single
organization, thus enhancing the security, reliability, auditability, [illegible]
facilitation within a given organization.

Drawing Description Text (39):

FIG. 30 shows an example inter-relationship between and use of the object
registration table, subject table and user rights table shown in the FIG. 16 secure
database;

Drawing Description Text (43):

FIG. 34 shows a specific example of how a site record table and group record table
may track portions of the secure database shown in FIG. 16;

Drawing Description Text (46):

FIG. 35 shows an example of a process for updating the secure database;

Drawing Description Text (48):

FIG. 37 shows an example of how an element of the secure database may be accessed;

Drawing Description Text (49):

FIG. 38 is a flowchart example of how to protect a secure database element;

Drawing Description Text (50):

FIG. 39 is a flowchart example of how to back up a secure database;

Drawing Description Text (51):

FIG. 40 is a flowchart example of how to recover a secure database from a backup;

Detailed Description Text (9):

Also as shown in FIG. 89, electronic appliance 600A may optionally include a video
camera 4124 and may display remote video in a "window" 4126 on screen 4104 (or on an
optionally separate screen not shown). Camera 4124 allows appliance 600 to take a
photograph of sender 4052 and/or recipient 4056. It may also allow sender 4052 and
recipient 4056 to see each other in order to simultaneously authenticate each
other's identity visually--and to have a "teleconference" discussion about item 4054
or other matters. The electronic appliance 600 may also have a microphone/speaker
4140 perhaps to coordinate details of the pending transaction. Appliance 600A might
also include a media reader 4132 to read from a floppy diskette, smart card or other
digital storage device. The appliance 600 can include, in addition, a document
shredder/destroyer 4115.

Detailed Description Text (70):

FIG. 101 shows how trusted electronic go-between 4700 can make it easier for parties
4070 to execute a legal contract 4068. In this example, the trusted electronic
go-between 4700 can maintain a requirements list 4074. This requirements list 4704
(an example of which is shown in FIG. 101(A)) may specify all of the steps that must
be completed and all of the conditions that must be satisfied in order to execute 
legal contract 4068. Trusted electronic go-between 4700 can monitor the electronic 
communications between the contractual parties 4070A, 4070B, and notify them of 
additional requirements that need to be met before the contract 4068 can be signed. 

Detailed Description Text (73):

It is extremely useful to have trusted go-between 4700 monitoring this activity to
order the application of signatures (if required), and to allow a roll back if the
system fails before applying all of the signatures. The role of go-between 4700 may,
in some circumstances, be played by one of the participant's SPU's 500 (PPEs), since
SPU (PPE) behavior is not under the user's control, but rather can be under the
control of rules and controls provided by one or more other parties other than the
user (although in many instances the user can contribute his or her own controls to
operate in combination with controls contributed by other parties). In another
example, the go-between role 4700 may comprise a "virtual go-between" comprised of a
one, a combination of plural, or all, nodes of participants in a collective or other
group. Governance can be shared through the interaction of rules and controls of the
various node PPEs producing a go-between control role. Upon the completion of a
go-between managed transaction, transaction audit information for archive, billing,
security, and/or administrative purposes may be securely transmitted, directly, or
through one or more other participating in the virtual go-between.

Detailed Description Text (103):

MD4 or other message digest algorithms employing, for example, one-way hash
algorithms that attempt to uniquely identify a sequence of bits that is highly
sensitive to content and ordering of bits in a sequence.

Detailed Description Text (139):

The PPE 650's "register recipient" processing may also require input or other
interaction from the user. FIGS. 90A and 90B show a relatively straightforward
menu-based user interface that may be used to elicit information from sender 4052.
In a more advanced example, DTDs 1108 (see FIG. 23 and following) associated with
one or more load modules 1100 may be used to control user interfaces (e.g., the "pop
up" as shown in FIGS. 72A-72D). In this model, the user interface does not contain
any specific visual elements (e.g., menus, buttons, data entry fields, etc.).
Instead, the pop up contains application "framework" code. The framework code in
this style of user interface uses a structured input stream (DTD 1108) from the PPE
650 to create the visual elements of the interface, and optionally the allowed
values of certain fields. This structured data stream may (like other control
structure DTDs 1108) be based on SGML, for example.

Detailed Description Text (263):

Electronic controls 4078 may also include one or more control methods specifying the
type of audit information that is to be maintained in connection with the electronic
transaction. This audit information may be used for constructing a receipt 4066, to
provide evidence preventing repudiation, and for a variety of other functions. Such
audit information may be maintained exclusively within the sender's appliance 600,
it might be maintained exclusively within the recipient's appliance secure database,
it might be maintained exclusively within the trusted go-between 4700's appliance
600 secure database, or it might be maintained in a combination of any or all of
these. [illegible] the audit information may or may not be delivered with item
4054 depending on the particular objectives. A usage clearinghouse 200c as described
above in connection with FIG. 1A and/or as disclosed in the Shear et al. patent
disclosure may be used to track the audit information based on event-driven or
periodic reporting, for example. Audit records could be transmitted to a usage
clearinghouse (or to a trusted go-between 4700) by an automatic call forwarding
transmission, by a supplement call during transmission, by period update of audit
information, by the maintenance of a constant communication line or open network
pathway, etc.

Detailed Description Text (280):

As mentioned above, audit information 4077 associated with use of a document may be
transmitted to many different parties. Audit information 4077 may also be treated as
part of the signaling methodology described for reciprocal methods (see FIGS.
41a-14d) to provide receipts. For example, copies of receipts may be delivered to
the sender, as described above, as well as to the sender's manager in a corporate
setting, or to the sender's legal counsel or other professional advisors (such as
tax advisers, accountants, physicians, etc.) Some items 4054 which are delivered to,
or used by, recipients to gather information (such as tax forms, purchase orders,
sales reports, and insurance claims) may require delivery of receipts to several
parties other than the sender. Some transactions may require the delivery of such
receipts before completion. For example, a sales report requesting delivery of
products from a company's inventory may require that a receipt from the reading of a
document delivered to the sales organization be received by the accounting
department for audit purposes before permitting receipt of the document by the sales
organization.

Detailed Description Text (291):

For purposes of security and trustedness, PPE 650 may actually "issue" the
receipt--although it may use various other portions of appliance 600 (e.g., receipt
printer 4112A, display 4104, card/media reader 4108, 4132, etc.) to output the
receipt to the sender 4052. PPE 650 may also or alternatively maintain a copy of the
receipt information (and/or the audit information 4077 on which it is based) within
its secure database 610 (see FIG. 16). The trusted go-between 4700 similarly may
maintain a copy of the receipt information (and/or the audit information 4077 on
which it is based) within a secure electronic archive 4702.

Detailed Description Text (295):

FIG. 115 shows example steps that PPE 650 may perform in response to a "register
object" event. In this particular example, PPE 650 may generate and send any return
receipt to sender 4052, trusted electronic go-between 4700, or other parties as
[illegible] by the control set 4078 within container 302 (FIG. 115, block 4607A)--by
for example recording audit records 4077 and transmitting them within an
administrative object(s) 870 to the required appliances 600. Appliance 600 may next,
if necessary, obtain and locally register any methods, controls or other information
required to manipulate object 300 or its contents (FIG. 115, block 4607B; see
registration method shown in FIGS. 43a-d). For example, item 4054 may be delivered
independently of an associated control set 4078, where the control set [illegible]
partial, such that appliance 600 may require additional controls from permissioning
agent 200f (see FIG. 1A and "rights and permissions clearing house" description in
the copending Shear et al. patent disclosure) or other archive in order to use the
item.

Detailed Description Text (302):

Referring again to FIG. 114A, appliance 600 may next index or otherwise catalog item
4054 for later access and reference (FIG. 114A, block 4618), and may automatically
identify document/file format for storage or presentation to recipient 4056 (FIG.
114A, block 4620). Appliance 600 may then select any additional information
necessary to allow the recipient 4056 to interact with the document (e.g. conduct
any associated searches or the like) (FIG. 114B, block 4622), and then
initiate any associated application(s) and any carrier application required to
interact with the document/file (FIG. 114B, block 462[illegible]). Appliance 600 may then
generate a "send" or "open" event to PPE 650 requesting the PPE to open container
302 and allow the user to access its contents.

Detailed Description Text (350):

Store document into secure database 610.

Detailed Description Text (358):

The control sets 914B, 914A thus define and control the processing which go-between
4700 performs on documents and other items in order to notarize them. Human users
may interact with this process if desired through optional user interfaces 4714,
4716. Such human intervention may be required under certain circumstances (for
example, if a live human witness might be required to testify as to certain
notarization facts, if the automatic processes determine that a fraud is being
attempted, etc.). The dynamic interface technology described above can provide a
mechanism for delivering a user interface through the system without direct
intervention by the provider of the overall service with respect to user interface,
and by the notary with respect to the customer relationship.

Detailed Description Text (361):

Trusted electronic go-between 4700 may also archive transmission related data as
determined by the electronic control set 4078 associated with the item 4054 being
sent, the transaction type and/or sender and/or recipient information (FIG. 121,
block 4760). For example, trusted electronic go-between 4700 might automatically
determine archiving requirements based at least in part on certified class based 
identification information regarding sender 4052 and/or recipient 4056. In one 
example, trusted electronic go-between 4700 archives transmittal related information 
such as receipt data structure 4066 in an object oriented database employing secure 
containers 302. It may also perform data reduction analysis and/or authentication 
processes (FIG. 121, block 4762) to provide client specific, class and/or 
transaction type usage analysis. 

Detailed Description Text (436):

FIG. 126 shows an example of how trusted electronic go-between 4700 might help to 
coordinate and complete a complex contractual arrangement, such as the purchase of a 
car. Suppose buyers 4070A want to buy a car from manufacturer 4070B through car 
dealership 4070C. Buyers 4070A could use an electronic appliance 600 to specify the 
car model, options and price they are willing to pay. They could also fill out a 
credit application, provide a down payment, package all of this information into a 
secure electronic object 300A, and send the electronic container to trusted 
electronic go-between 4700. Trusted electronic go-between 4700 might then contact 
the car dealership 4070C, present the buyers' offer and receive (in another secure 
electronic object 300B) the car dealership's counter offer concerning price and 
availability. Trusted electronic go-between 4700 could negotiate or mediate between 
the two parties, and supervise the creation of a contract 68 finalizing the deal. 
Trusted electronic go-between 4700 could send a copy of the final contract 4068 to 
the buyers 4070A and to the car dealership 4070C, using secure electronic objects 
300C and 300D to ensure secure electronic delivery of this information. Trusted 
electronic go-between 4700 could include the buyers' down payment within secure 
object 300D for receipt by car dealership 4070C. Trusted electronic go-between 4700 
could also forward the buyers' credit application within yet another secure 
electronic object 300E to a credit company 4070D. The credit company could provide 
the proceeds of an automobile loan to car dealership 4070C to pay for the new car. 
Meanwhile, car dealership 4070C could send an order to the manufacturer 4070B who 
could manufacture and deliver the new car to the buyers 4070A either directly or 
through the car dealership 4070C. 

Detailed Description Text (446):

This teleconferencing capability can be useful, for example, to allow sender 4052
and recipient 4056 to verify they each are who they say they are, and to assist in
negotiating contract 4068 or otherwise discussing the content of an item 4054. In
order to further assure the authenticity of the communication, a secure
communications link may be established using key exchange techniques (e.g.,
Diffie-Hellman) and encryption of the signal between the stations.

Detailed Description Text (447):

Secure containers 302 may be used to encapsulate the video and audio being exchanged
between electronic kiosk appliances 600, 600' to maintain confidentiality and ensure
a high degree of trustedness. Thus, in this example, each secure container 302(2)
might contain some portion of or multiple video images and/or some portion of or
multiple audio segments. Electronic appliances 600, 600' can exchange such secure
container 302(2) back and forth in rapid succession to provide real time audio and
video transmission. In order to improve performance, the containers themselves may
remain at the users' sites, and only the encrypted contents transmitted between the
participants. This may allow one or two containers to protect the entire
communications between the parties.

Detailed Description Text (460):

Trusted go-between 4700 registers the contract 4068, and then creates an electronic
list of rules based on contract 4068. A partial example rule list is shown in FIG.
130A. Although the FIG. 130A conditions are shown as being written on a clipboard,
in the preferred embodiment the "clipboard" is electronically implemented by a
computer and comprises one or more electronic control sets 4078 that specify the
conditions that must be satisfied in order for the overall real estate transaction
to settle.

Detailed Description Text (461):

Trusted go-between 4700 may need to communicate with each of a number of parties in
order to determine whether the conditions have been satisfied. For example:

Detailed Description Text (480):

The lawyers 5050, 5052 can also electronically file any of these exchanged documents
with the court 5056 by sending the documents to the clerk 5054 via secure electronic
containers 302. In this example, the clerk 5054 may actually be a computerized
trusted go-between 4700 (represented here by a person but implemented in practice in
whole or in part by one or more secure electronic appliances 600). The clerk 5054
may present a digital certificate evidencing that it is authorized to open a secure
container 302 it has received. The clerk may then date stamp each received document
(which may involve placing a seal 4200 on the document but more typically might
involve simply placing a digital time signature on the document) [illegible]
file the document electronically within a secure electronic archive 4702 that can
provide a database for linking related documents together.

Detailed Description Text (482):

The judge 5056 could write her orders and opinions using electronic appliance 600.
She could then send these documents within a secure electronic container 302(3) for
filing by the clerk 5054 in secure electronic archive 4702, and for automatic
service on the lawyers 5050, 5052.

Detailed Description Text (493):

Upon receiving the patent application 5062, a trusted go-between 4700 within the
[illegible] could open the container 302(1) and access the patent application
5062. Trusted go-between 4700 could electronically examine the patent application
5062 to ensure it meets all formal requirements, and could also date/time stamp the
received patent application in order to document its filing date.

Detailed Description Text (527):

Telecommunications are becoming ubiquitous in post-industrial societies. As a
convenience to customers, the trusted go-between could offer many of its services as
part of, or in conjunction with providers of telecom services [illegible]
example shown in FIG. 134, a trusted go-between 4700 is co-located and integrated
with a telephone switch that connects to a telephone or other telecommunications
network via wires (or other connections) 5100 (in another example, the switch and
trusted go-between 4700 cooperate, but are not co-located). In one example a person
with a laptop 5102 or other computer lacking a PPE 650 wishes nonetheless to take
advantage of a subset of secure item delivery services. The computer 5102 is
equipped with a fax modem and associated application software. The computer dials a
special number which may be an "800" number and is connected to the trusted
go-between 4700 who authenticates the sender using a pre-established password and/or
stronger methods such as biometric measurements. The sender indicates the telephone
number of fax machine to receive the document.

Sean Smith and J.D. Tygar, Signed Vector Timestamps: A Secure Protocol for Partial
Order Time, CMU-93-116, School of Computer Science Carnegie Mellon University,
Pittsburgh, Pennsylvania, Oct. 1991; version of Feb. 1993, 15 pages.

Other Reference Publication (136):
Special Report, The Internet: Fulfilling the Promise; Lynch, Clifford, The Internet
Bringing Order From Chaos; Resnick, Paul, Search the Internet, Hearst, Marti A.,
Filtering Information on the Internet; Stefik, Mark, Interfaces for Searching the
Web; Scientific American, Mar. 1997, pp. 49-56, 62-67, 68-72, 78-81.

Other Reference Publication (138):

The Benefits of RDI for Database Protection and Usage Based Billing (Personal
Library Software, 1987 or 1988).

DOCUMENT-IDENTIFIER: US 6038601 A

TITLE: Method and apparatus for storing and delivering documents on the internet

Detailed Description Text (124):

Regular expression processing is traditionally slow. Given that caching server 
performance is extremely important, the ICEXPIRE tag provides a high-speed level of 
lookup before regular expression matching is performed. The HOST attribute defines 
a host name to which the expiration applies. Only those URLs with a matching host 
name are considered for regular expression matching. The host names can be used as 
keys in a hash table, providing a first level of high-speed lookup. Once the 
correct host is found, the server can travel through the set of ICEXPIRE regular 
expressions that apply to that host, until a match is found. Each regular 
expression is specified with the REGEXP attribute. Once a match is found, the 
expiration control attributes in the tag are applied to the matching URL, as 
described in the following sections. The remaining two attributes describe a fixed 
expiration and a minimum expiration. The uses of these attributes are described in 
the following sections. 

Detailed Description Text (200):

In addition to lookahead configurations that are bound to channel subscriptions,
the content provider can have any number of lookahead configurations bound to site
(host) name regular expressions. According to one embodiment in order to improve
performance, the caching server uses a two-stage lookup mechanism similar to that
used by ICEXPIRE tags. In this case the first stage is the host's "domain" -
the last two labels of the host name. The [illegible] host name's [illegible]
table. [illegible] entry is found, all lookahead configurations [illegible] that
domain have their host name regular expressions [illegible] the URL's host name.
The configuration whose host name regular expression first matches the URL's host
name is used to configure lookahead for that URL. The
two-stage lookup algorithm thus ensures that domains with no custom lookahead are
not slowed by domains with lots of custom lookahead.
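
The two-stage lookup described in Detailed Description Text (124) and (200), as an added example that is not code from the patent: stage one is a hash-table lookup on a key derived from the host name, stage two is an ordered regular-expression scan where the first match wins. The config keys (fixed_s, min_s, depth), the use of re.search, and all host names are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit


def host_of(url):
    """Lower-cased host name of a URL, or None if the URL has none."""
    return (urlsplit(url).hostname or "").lower() or None


def domain_of(url):
    """The page's "domain": the last two labels of the host name.
    Under this definition every *.co.uk host shares the bucket "co.uk"."""
    host = host_of(url)
    return ".".join(host.split(".")[-2:]) if host else None


class TwoStageLookup:
    def __init__(self, key_fn, subject_fn):
        self.key_fn = key_fn          # stage 1: URL -> hash-table key
        self.subject_fn = subject_fn  # stage 2: URL -> string the regex is run on
        self.table = {}               # key -> ordered list of (regex, config)
        self.regex_tests = 0          # stage-2 work done so far, for inspection

    def add(self, key, pattern, config):
        self.table.setdefault(key.lower(), []).append((re.compile(pattern), config))

    def find(self, url):
        key = self.key_fn(url)
        rules = self.table.get(key) if key else None
        if not rules:
            return None               # stage-1 miss: no regex is evaluated
        subject = self.subject_fn(url)
        for regex, config in rules:
            self.regex_tests += 1
            if regex.search(subject):  # assumption: search semantics, so
                return config          # patterns carry their own anchors
        return None


def build_expire_rules():
    """ICEXPIRE-style rules: key is the HOST, regex is tested against the URL."""
    rules = TwoStageLookup(host_of, lambda url: url)
    # Constructed sample rules; fixed_s / min_s are hypothetical names for the
    # fixed and minimum expiration attributes.
    rules.add("news.example.com", r"^http://news\.example\.com/live/", {"fixed_s": 60})
    rules.add("news.example.com", r"^http://news\.example\.com/", {"min_s": 3600})
    return rules


def build_lookahead_rules():
    """Lookahead rules: key is the domain, regex is tested against the host name."""
    rules = TwoStageLookup(domain_of, host_of)
    # Constructed sample rules; depth is a hypothetical lookahead setting.
    rules.add("example.com", r"^img\d+\.example\.com$", {"depth": 0})
    rules.add("example.com", r"\.example\.com$", {"depth": 2})
    return rules


if __name__ == "__main__":
    expire = build_expire_rules()
    for u in ("http://news.example.com/live/score",
              "http://news.example.com/archive/1",
              "http://other.example.org/live/x"):
        print(u, "->", expire.find(u), "| regex tests so far:", expire.regex_tests)
```

Rule order inside a bucket decides the outcome, so a broad pattern placed before a narrow one shadows it.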
ABSTRACT:

The present invention relates to techniques for controlling transfers of 
information in computer networks. One technique involves transmitting from a server 
computer to a client computer a document containing a channel object corresponding 
to a communication service, and storing an access ticket that indicates that a user 
of the client computer permits the information source computer to communicate with 
the user over a specified channel. Another technique involves transmitting smart 
digital offers based on information such as coupons and purchasing histories stored 
at the computer receiving the offer. Another technique involves transmitting from a 
server computer to a client computer a request for a user's personal profile
information, and activating a client avatar that compares the request for personal 
profile information with a security profile of the user limiting access to personal 
profile information. Another technique involves transmitting from a server computer 
to a client computer a document containing an embedded link, activating the 
embedded link at the client computer and recording activation of the embedded link 
in a metering log.

DOCUMENT-IDENTIFIER: US 6279112 B1

TITLE: Controlled transfer of information in computer networks

Detailed Description Text (31):

Referring to FIG. 6, in operation of the network-based system of FIG. 5 the client 
computer obtains a document from the server computer that contains an offer/catalog 
description record (step 212) corresponding to an offer or catalog that will be 
sent to the client computer. The offer/catalog description record contains a 
profile query specifying the kinds of profile information that will be useful to 
the server computer in constructing a client-specific offer or in dynamically 
customizing the content of a catalog to be transmitted to the client computer. The 
offer/catalog description record also identifies the supplier of the record and the
server computer to which the profile information should be sent, and contains the
supplier's authenticating signature. Receipt of the offer/catalog description
record by the client computer activates the client avatar (step 214). The client
avatar compares the profile query in the offer/catalog description record with the
security profile, which restricts the domain of profile information against which
the profile query is processed (step 216).

Detailed Description Text (32) : 

If the profile query requests information that the security profile restricts only 
to trusted servers, then the client avatar determines whether the server computer 
is one of the trusted servers and, if so, checks the authenticating signature 
contained in the offer/catalog description record (step 217) (the client avatar may
assume that if the supplier of the record is a trusted supplier, then the server
should be trusted too). If the profile query requests information that, according
to the security profile, requires user authorization for release, then the client 
avatar prompts the user for authorization to release the information to the server 
computer (step 218) and the user indicates whether release of the information is 
authorized (step 220) . Ordinarily, the user will not be prompted for authorization 
to release information to a trusted server, but the security profile can 
nevertheless be configured to require this for certain information. 
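
The release decision of steps 216-220, as an added example that is not code from the patent. The record layout, the Rule flags, the default of withholding fields the security profile does not list, and the sample data are assumptions; HMAC-SHA256 with a per-supplier key stands in for the supplier's authenticating signature, whose scheme the page does not name.

```python
import hashlib
import hmac
import json
from enum import Flag


class Rule(Flag):
    OPEN = 0          # release to any server
    TRUSTED_ONLY = 1  # release only to a trusted server with a valid signature
    ASK_USER = 2      # release only after the user authorizes it


def _signed_bytes(record):
    body = {k: record[k] for k in ("supplier", "server", "query")}
    return json.dumps(body, sort_keys=True).encode()


def sign(record, key):
    # Stand-in for the supplier's signature (assumption: HMAC-SHA256).
    return hmac.new(key, _signed_bytes(record), hashlib.sha256).hexdigest()


def signature_ok(record, supplier_keys):
    key = supplier_keys.get(record["supplier"])
    return key is not None and hmac.compare_digest(
        sign(record, key), record.get("signature", ""))


def release(record, profile, security, trusted_servers, supplier_keys, ask_user):
    """Return the profile fields the avatar sends to record["server"]."""
    # Step 217: a trusted supplier vouches for the server named in its record,
    # so the signature must cover that server name.
    trusted = (record["server"] in trusted_servers
               or record["supplier"] in supplier_keys)
    verified = trusted and signature_ok(record, supplier_keys)
    out = {}
    for field in record["query"]:
        rule = security.get(field)  # unlisted field is withheld (assumption)
        if rule is None or field not in profile:
            continue
        if Rule.TRUSTED_ONLY in rule and not verified:
            continue
        # Steps 218-220: prompt only for fields the profile marks ASK_USER.
        if Rule.ASK_USER in rule and not ask_user(field, record["server"]):
            continue
        out[field] = profile[field]
    return out


# Constructed sample data, not from the page.
PROFILE = {"zip": "02139", "income": "50-75k", "email": "user@example.com",
           "phone": "555-0100", "ssn": "000-00-0000"}
SECURITY = {
    "zip": Rule.OPEN,
    "income": Rule.TRUSTED_ONLY,
    "email": Rule.ASK_USER,
    "phone": Rule.TRUSTED_ONLY | Rule.ASK_USER,  # prompt even for trusted servers
}
SUPPLIER_KEYS = {"acme": b"constructed-demo-key"}
QUERY = ["zip", "income", "email", "phone", "ssn"]


def make_record(supplier, server, query, key):
    record = {"supplier": supplier, "server": server, "query": query}
    record["signature"] = sign(record, key)
    return record


if __name__ == "__main__":
    rec = make_record("acme", "offers.acme.example", QUERY, SUPPLIER_KEYS["acme"])
    print(release(rec, PROFILE, SECURITY, set(), SUPPLIER_KEYS, lambda f, s: False))
    moved = dict(rec, server="collector.example")  # server changed after signing
    print(release(moved, PROFILE, SECURITY, set(), SUPPLIER_KEYS, lambda f, s: True))
```

Because the signature covers the destination server, a record whose server field is altered after signing loses access to every TRUSTED_ONLY field even though it still names a trusted supplier.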

Current US Cross Reference Classification (1) : 
705/14

The present invention is provided for utilizing various types of user indicia such
as search requests, products purchased, products looked at but not purchased,
products purchased and returned, reasons for returning products, customer's stated
profile including income level, education level, stated profession, etc. for the 
purpose of customizing a user interface. 

17 Claims, 177 Drawing figures

TITLE: Dynamic customer profile management

Application Filing Date (1):
19990527

Detailed Description Text (27) : 

Referring again to operation 28 of FIG. 1, and more particularly to FIGS. 18 and 
FIGS. 27-34, it is seen that FIG. 27 provides an exemplary pictorial representation 
of various components of a web architecture framework, each component being 
represented by a box. Three business entities are represented in this example as 
Business1, Business2, and Business3. Each business entity has a unique indicia
coding, as shown in the legend. Indicia coding is provided in each component box
that has related products or services offered by a business entity. For example, in
the Security Services section, the Browser Based Authentication component has all
three types of indicia coding. Thus, all three of the business entities provide
products or services related to that component. Also in the Security Services
section, the Virtual Private Networks component has only two types of indicia
coding. Referring to the legend, it is seen that only Business1 and Business2 offer
products or services related to that particular component. For clarity, FIGS. 28,
30, and 32 are provided to illustrate the products or services offered by each
individual entity.

Detailed Description Text (77): 

The evolution of new technologies and expanded access to a virtual world has 
increased the security risk of conducting business. It is therefore essential to 
recognize the need for a new unit in the organization, specifically dedicated to 
ensuring that security is handled appropriately. At the Program level, the Security 
Management unit needs to: Ensure all security issues are effectively addressed 
throughout the program (all business and IT processes). Act as facilitator and
approving body for all new and existing initiatives that contain security 
components. Own responsibility for the organization and facilitation of working 
groups that would address security issues. Be responsible for development and 
maintenance of the Security Plan. 

Detailed Description Text (159) : 

In order to ensure the security of the system, periodical security audits should be 
arranged, in order to verify that the processes and architecture and application 
components that are being developed conform to security proven practices. This may 
be done by an external body specializing in security (such as Global TIS — Security) 
in the form of interviews, architecture and code reviews, and automated tool 
assessment.

Detailed Description Text (485) : 

Video conferencing is an advantage when one person needs to see the other person's 
face, his or her reactions, read body-language, build relationships, and so on. On
the other hand, when communication is more technical, for example, fixing a bug,
collaborative design, document writing, or presenting a demonstration, it is more
critical to be able to see what the other person is seeing, or to be able to show
information at hand. In this case, application sharing assumes greater importance. 
It is a common misconception that video conferencing replaces working in the same 
place. The logistics involved in setting up a group video conference for different 
time zones, and the complexity of sharing a common whiteboard, limit the value of 
the solution to occasional situations. In a development environment, the real value 
of synchronous communication is not in being able to see someone else at the other 
end, it is in being able to share a working session on a work object. 

Detailed Description Text (514): 

Security Management tools include: 

Intrusion detection--discovers and alerts administrators of intrusion attempts. 
Network assessment--performs scheduled and selective probes of the network's communication services, operating systems, and routers in search of those vulnerabilities most often used by unscrupulous individuals to probe, investigate, and attack your network. 
Platform security--minimizes the opportunities for intruders to compromise corporate systems by providing additional operating system security features. 
Web-based access control--enables organizations to control and manage user access to web based applications with restricted access. 
Fraud services--methods of verifying the identity of credit card users to reduce the amount of fraudulent credit card transactions. 
Mobile code security--protects corporate resources, computer files, confidential information, and corporate assets from possible mobile code attack. 
E-mail content filtering--allows organizations to define and enforce e-mail policies to ensure the appropriate email content. 
Application development security toolkits--allow programmers to integrate privacy, authentication, and additional security features into applications by using a cryptography engine and toolkit. 
Encryption--provides confidential communications to prevent the disclosure of sensitive information as it travels over the network. This capability is essential for conducting business over an unsecured channel such as the Internet. 
Public key infrastructure--provides public-key encryption and digital signature services. The purpose of a public-key infrastructure is to manage keys and certificates. A PKI enables the use of encryption, digital signatures, and authentication services across a wide variety of applications. 
Authentication system--provides a business with the ability to accurately know who they are conducting business with. 
Firewall--protects against theft, loss, or misuse of important data on the corporate network, as well as protection against attempted denial of service attacks. Firewalls may be used at various points in the network to enforce different security policies. 

Detailed Description Text (650): 

Configuration Management tools are needed once the system becomes large and many 
modules (which may include programs, header files, copybooks, shared components, 
subroutines, and so on) have to be managed. There is a significant cost involved in 
formal configuration management. If the system has a little over 100 modules, the 
Configuration Management component may consist merely of a whiteboard or Excel 
spreadsheet. As the number of modules grows to about 1000, a dedicated tool is 
required. 

Detailed Description Text (2038): 

In addition, several other relevant standards exist including: 

ISDN--Integrated Services Digital Network, the digital communication standard for transmission of voice, video and data on a single communications link. 
RTP--Real-Time Transport Protocol, an Internet Standard Protocol for transmission of real-time data like voice and video over unicast and multicast networks. 
IP--Internet Protocol, an Internet Standard Protocol for transmission and delivery of data packets on a packet switched network of interconnected computer systems. 
PPP--Point-to-Point Protocol 
MPEG--Motion Pictures Expert Group, a standards body under the International Standards Organization (ISO), Recommendations for compression of digital Video and Audio including the bit stream but not the compression algorithms. 
SLIP--Serial Line Internet Protocol 
RSVP--Resource Reservation Setup Protocol 
UDP--User Datagram Protocol 

Detailed Description Text (2069): 

WAF supports a general purpose foundation for secure transaction management, 
including usage control, auditing, reporting, and/or payment. This general purpose 
foundation is called "WAF Functions" ("WAFFs"). WAF also supports a collection of 
"atomic" application elements (e.g., load modules) that can be selectively 
aggregated together to form various WAFF capabilities called control methods and 
which serve as WAFF applications and operating system functions. When a host 
operating environment of an electronic appliance includes WAFF capabilities, it is 
called a "Rights Operating System" (ROS). WAFF load modules, associated data, and 
methods form a body of information that for the purposes of the present invention 
are called "control information." WAFF control information may be specifically 
associated with one or more pieces of electronic content and/or it may be employed 
as a general component of the operating system capabilities of a WAF installation. 

Detailed Description Text (2070): 

WAFF transaction control elements reflect and enact content specific and/or more 
generalized administrative (for example, general operating system) control 
information. WAFF capabilities which can generally take the form of applications 
(application models) that have more or less configurability which can be shaped by 
WAF participants, through the use, for example, of WAF templates, to employ 
specific capabilities, along, for example, with capability parameter data to 
reflect the elements of one or more express electronic agreements between WAF 
participants in regards to the use of electronic content such as commercially 
distributed products. These control capabilities manage the use of, and/or auditing 
of use of, electronic content, as well as reporting information based upon content 
use, and any payment for said use. WAFF capabilities may "evolve" to reflect the 
requirements of one or more successive parties who receive or otherwise contribute 
to a given set of control information. Frequently, for a WAF application for a 
given content model (such as distribution of entertainment on CD-ROM, content 
delivery from an Internet repository, or electronic catalog shopping and 
advertising, or some combination of the above) participants would be able to 
securely select from amongst available, alternative control methods and apply 
related parameter data, wherein such selection of control method and/or submission 
of data would constitute their "contribution" of control information. 
Alternatively, or in addition, certain control methods that have been expressly 
certified as securely interoperable and compatible with said application may be 
independently submitted by a participant as part of such a contribution. In the 
most general example, a generally certified load module (certified for a given WAF 
arrangement and/or content class) may be used with many or any WAF application that 
operates in nodes of said arrangement. These parties, to the extent they are 
allowed, can independently and securely add, delete, and/or otherwise modify the 
specification of load modules and methods, as well as add, delete or otherwise 
modify related information. 

Detailed Description Text (2093): 

Referring to operation 1500 of FIG. 66, one embodiment of the electronic commerce 
component of the present invention is provided for allowing purchase of products 
and services via a display catalog. The display catalog may display linkable 
pictures, such as visual representations of products for sale. The display catalog 
may also display linkable text which could represent a product or family of 
products, as well as services offered. Other linkable text or pictures could be 
implemented to provide multiple ways to traverse the display catalog to ease 
navigation along a page or between various pages. An exemplary link would include 
at least one textual or picture link displayed on each page of the display catalog 
that would permit a user to purchase the good or service shown on that page or 
associated with a particular good or service displayed on the page. Such link may 
resemble a shopping cart. 

Detailed Description Text (2099): 

As shown in FIG. 67, one embodiment of the electronic commerce component of the 
present invention is provided for facilitating a virtual shopping transaction. 
First, a plurality of items, i.e. products or services, are selected from a 
database and displayed for purchase in operation 1600. Preferably, the items are 
displayed in an electronic catalog format. Next, in operation 1602, a user is 
allowed to select a predetermined set of the items for purchase. For example, each 
of the items could include a linked picture or text, which a user would then simply 
click on with a mouse pointer to select the items. Other options include scrollable 
menus, etc. In operation 1604, a payment is then accepted in exchange for the 
predetermined set of items. Such predetermined set of items is then stored in 
operation 1606, thereby allowing the user to collectively select the predetermined 
set of items at a later time without having to select each of the items 
individually. Note operation 1608. The selected items are preferably stored in a 
database unique to the user. The set of items selected during each shopping session 
should be stored in a separate listing or file so that the user can individually 
select particular sets of items. Optionally, the user may be allowed to name each 
stored set of items for easier identification later. The user may also be permitted 
to rate or rank the items of a selected set for purposes of refreshing the user's 
memory when the user later retrieves the set. 

Detailed Description Text (2103): 

The elements which constitute the shopping basket are a shopping basket main body 
(purchase list) and a function for taking in and out items for the shopping basket. 
As functions associated with the shopping basket, there are a function to take the 
items into the shopping basket (add to the purchase list), a function to check the 
contents of the shopping basket (display the purchase list), a function to return 
the item in the shopping basket (change the purchase list) and a function to 
purchase the items in the shopping basket. However, for the function to purchase 
the items, only the order is accepted because the delivery of the items is made 
later except a portion of items which can be downloaded as digital data and the 
shopping is not completed until the items are received and the account is settled. 

Detailed Description Text (2108): 

In accordance with the present invention, an interface for providing the shopping 
basket function is provided as a separate shopping basket window from a catalog 
window on which online shop item data is displayed. The shopping basket window is 
displayed on the catalog window and a display position is moved in linkage with the 
movement of a mouse pointer. The shopping basket includes a list of items to be 
purchased which is a main body of the shopping basket, a function to add the item 
data to the list, and a function to change the item data registered in the list. In 
one embodiment of the present invention, the shopping basket main body is not 
always displayed. Instead, an interface function to display the shopping basket 
contents on the screen is provided on the shopping basket window. 

Detailed Description Text (2118): 

To meet this need, several companies have developed computer architectures for 
online electronic catalog sales using, for example, the Internet as a transport 
mechanism to transmit data representing purchase requests between a proprietary 
browser and server product pair. 

Detailed Description Text (2120): 

Another company, Open Market, is developing a similar electronic catalog system 
consisting of a HyperText Markup Language (HTML) authoring tool (called 
Storebuilder), and a server (called Webserver) connected to an integrated back-end 
commerce system (called TransactionLink). This system appears to share similar 
characteristics and disadvantages as the Netscape system. 

Detailed Description Text (2135): 

It is desirable for a computer operated under the control of a merchant to obtain 
information offered by a customer and transmitted by a computer operating under the 
control of the customer over a publicly accessible packet-switched network (e.g., 
the Internet) to the computer operating under the control of the merchant, without 
risking the exposure of the information to interception by third parties that have 
access to the network, and to assure that the information is from an authentic 
source. It is further desirable for the merchant to transmit information, including 
a subset of the information provided by the customer, over such a network to a 
payment gateway computer system that is designated, by a bank or other financial 
institution that has the responsibility of providing payment on behalf of the 
customer, to authorize a commercial transaction on behalf of such a financial 
institution, without the risk of exposing that information to interception by third 
parties. Such institutions include, for example, financial institutions offering 
credit or debit card services. 



Detailed Description Text (2248): 

The second aspect of the invention is the governing logic for controlling system 
dynamics. This logic is stored in system memory and provides the sequence of 
protocols and rules that allocate trading priority, and the system responses to 
operative commands entered by the brokers at the workstations. The system logic is 
critical on two levels. First, it is important as the guiding principles underlying 
the system and thus performance is tied directly thereto. On a second level, system 
logic must be known to all customers and traders as the rules dictating market 
access and response — to eliminate any confusion and to place participants on as 
close to an equal footing as possible. It is a fundamental precept of the present 
system to provide fair and complete access to the trading process to all registered 
participants. 

Detailed Description Text (2311): 

WAF may be used to migrate most non-electronic, traditional information delivery 
models (including entertainment, reference materials, catalog shopping, etc.) into 
an adequately secure digital distribution and usage management and payment context. 
The distribution and financial pathways managed by a WAF arrangement may include: 
content creator(s), distributor(s), redistributor(s), client administrator(s), 
client user(s), financial and/or other clearinghouse(s), and/or government 
agencies. 

Detailed Description Text (2322): 

Control information may be provided by a party who does not directly participate in 
the handling of electronic content (and/or appliance) and/or control information 
for such content (and/or appliance). Such control information may be provided in 
secure form using WAF installation secure sub-system managed communications 
(including, for example, authenticating the deliverer of at least in part encrypted 
control information) between such not directly participating one or more parties' 
WAF installation secure subsystems, and a pathway of WAF content control 
information participant's WAF installation secure subsystem. This control 
information may relate to, for example, the right to access credit supplied by a 
financial services provider, the enforcement of regulations or laws enacted by a 
government agency, or the requirements of a customer of WAF managed content usage 
information (reflecting usage of content by one or more parties other than such 
customer) relating to the creation, handling and/or manner of reporting of usage 
information received by such customer. Such control information may, for example, 
enforce societal requirements such as laws related to electronic commerce. 

Detailed Description Text (2325): 

Normally, most usage, audit, reporting, payment, and distribution control methods 
are themselves at least in part encrypted and are executed by the secure subsystem 
of a WAF installation. Thus, for example, billing and metering records can be 
securely generated and updated, and encryption and decryption keys are securely 
utilized, within a secure subsystem. Since WAF also employs secure (e.g. encrypted 
and authenticated) communications when passing information between the participant 
location (nodes) secure subsystems of a WAF arrangement, important components of a 
WAF electronic agreement can be reliably enforced with sufficient security 
(sufficiently trusted) for the intended commercial purposes. A WAF electronic 
agreement for a value chain can be composed, at least in part, of one or more 
subagreements between one or more subsets of the value chain participants. These 
subagreements are comprised of one or more electronic contract "compliance" 
elements (methods including associated parameter data) that ensure the protection 
of the rights of WAF participants. 

Detailed Description Text (2326): 

The degree of trustedness of a WAF arrangement will be primarily based on whether 
hardware SPUs are employed at participant location secure subsystems and the 
effectiveness of the SPU hardware security architecture, software security 
techniques when an SPU is emulated in software, and the encryption algorithm(s) and 
keys that are employed for securing content, control information, communications, 
and access to WAF node (WAF installation) secure subsystems. Physical facility and 
user identity authentication security procedures may be used instead of hardware 
SPUs at certain nodes, such as at an established financial clearinghouse, where 
such procedures may provide sufficient security for trusted interoperability with a 
WAF arrangement employing hardware SPUs at user nodes. 

Detailed Description Text (2466): 

There has been some research pioneered by W. C. Sheldon at Harvard in the 1930's 
and 40's, on the correlation between body type and learning characteristics. 
(Smith, 1949, pp. 310-320). Sheldon delineated three body types, based on the 
embryonic source of tissue: ectomorph (tall and skinny), mesomorph (compact and 
muscular) and endomorph (large and/or overweight). 

Detailed Description Text (2473): 

There is much written in educational psychology about learning styles, usually 
referred to as "cognitive styles." Cognitive style, or learning style, refers to 
the way in which a student prefers to organize his or her thought processes — his or 
her preferred mode of thinking. There are a few different approaches which could be 
used, but by far the largest body of research shows that learning style preferences 
usually fall into one of two groups, stereotyped as artistic or scientific 
thinking. 

Detailed Description Text (2532): 

In a traditional case, where goods are introduced to a customer in a traditional 
way, that is, through a catalog sent via traditional mail (not electronic mail) and 
so forth, or through other media, without using an online communication system, if 
the customer has a question about the introduced goods, the customer may directly 
call a company or the like which handles the goods and inquire thereof about the 
goods. In such a case, the customer tells the company the trade names, article 
identification numbers, and so forth, of the goods. Then, the customer may obtain 
an answer as to how to use the goods, a payment method when buying the goods, and 
so forth, from a person in the customer service division in the company. 

Detailed Description Text (2566): 

Referring to FIG. 88, operation 2700 allows browser-based authentication with user 
verification data. In operation 2702, access is granted to application and/or 
system data based on the user verification data, which may be stored in a user's 
browser. Virtual private networking is provided in operation 2704. 

Rights and Control Information 



Detailed Description Text (2590): 

WAF, for example, can employ: 

(1) Secure metering means for budgeting and/or auditing electronic content and/or appliance usage; 

(2) Secure flexible means for enabling compensation and/or billing rates for content and/or appliance usage, including electronic credit and/or currency mechanisms for payment means; 

(3) Secure distributed database means for storing control and usage related information (and employing validated compartmentalization and tagging schemes); 

(4) Secure electronic appliance control means; 

(5) A distributed, secure, "virtual black box" comprised of nodes located at every user (including WAF content container creators, other content providers, client users, and recipients of secure WAF content usage information) site. The nodes of said virtual black box normally include a secure subsystem having at least one secure hardware element (a semiconductor element or other hardware module for securely executing WAF control processes), said secure subsystems being distributed at nodes along a pathway of information storage, distribution, payment, usage, and/or auditing. In some embodiments, the functions of said hardware element, for certain or all nodes, may be performed by software, for example, in host processing environments of electronic appliances; 

(6) Encryption and decryption means; 

(7) Secure communications means employing authentication, digital signaturing, and encrypted transmissions. The secure subsystems at said user nodes utilize a protocol that establishes and authenticates each node's and/or participant's identity, and establishes one or more secure host-to-host encryption keys for communications between the secure subsystems; and 

(8) Secure control means that can allow each WAF installation to perform WAF content authoring (placing content into WAF containers with associated control information), content distribution, and content usage; as well as clearinghouse and other administrative and analysis activities employing content usage information. 

Detailed Description Text (2595): 

Browser Based Authentication 
Verifies user identity using built-in browser functionality 
Maintains authentication information throughout sessions 
Utilizes centralized directory of profiles 
Provides LDAP compatibility 
Provides NDS compatibility 

Detailed Description Text (2596): 

The security component of the present invention verifies user identity using built-in 
browser functionality, allowing for immediate access to a user without requiring 
installation of additional software. Authentication information may be maintained 
throughout selected or all sessions to prevent unauthorized users from accessing 
resources through a registered user's connection. 

Detailed Description Text (2616): 

Remote Access Services (Radius) 
Enables high density modem pooling 
Provides a single dial-in number for ISDN, or Analog calls and an automatic back-up number if first one does not work 
Creates an Integrated Firewall/authentication 
Allows remote authenticated access to intranet 



Detailed Description Text (2617): 

High density modem pooling is performed by the network services component of the 
present invention. Also provided are a single dial-in number for ISDN or Analog 
calls and an automatic back-up number if the first number does not work or returns 
a busy signal. Optionally, an integrated firewall may be created or authorization 
may be verified through authentication. Also optionally, remote authenticated 
access to intranet may be allowed. 

Detailed Description Text (2643): 

As shown in component 1420 of FIG. 65, one embodiment of the present invention is 
provided for affording a plurality of client service-related services. Referring to 
FIG. 91, among the features included are managing client verification data for user 
authentication purposes in a network framework in operation 3000. In operation 
3002, electronic mail capabilities in the network framework are provided. Network 
framework browsing in the network framework is provided in operation 3004. File 
transfer capabilities in the network framework, news reader capabilities in the 
network framework, and chat room capabilities in the network framework are provided 
in operations 3006, 3008, and 3010, respectively. Playback capabilities in the 
network framework are enabled in operation 3012. Financial transactional 
capabilities in the network framework are also provided. Note operation 3014. 

Detailed Description Text (2644): 

Certificates 
Manages client certificates for user authentication 

Detailed Description Text (2645): 

The client services component of the present invention manages client certificates 
used for user authentication. These include certificates used to identify a user 
during automatic log on. 

Detailed Description Text (2737): 

support low-cost, efficient, and effective security architectures for transaction 
control, auditing, reporting, and related communications and information storage. 
WAF may employ tagging related security techniques, the time-ageing of encryption 
keys, the compartmentalization of both stored control information (including 
differentially tagging such stored information to ensure against substitution and 
tampering) and distributed content (to, for many content applications, employ one 
or more content encryption keys that are unique to the specific WAF installation 
and/or user), private key techniques such as triple DES to encrypt content, public 
key techniques such as RSA to protect communications and to provide the benefits of 
digital signature and authentication to securely bind together the nodes of a WAF 
arrangement, secure processing of important transaction management executable code, 
and a combining of a small amount of highly secure, hardware protected storage 
space with a much larger "exposed" mass media storage space storing secured 
(normally encrypted and tagged) control and audit information. WAF employs special 
purpose hardware distributed throughout some or all locations of a WAF 
implementation: a) said hardware controlling important elements of: content 
preparation (such as causing such content to be placed in a WAF content container 
and associating content control information with said content), content and/or 
electronic appliance usage auditing, content usage analysis, as well as content 
usage control; and b) said hardware having been designed to securely handle 
processing load module control activities, wherein said control processing 
activities may involve a sequence of required control factors; 
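
The tagging of stored control information described above, sketched as an added example that is not part of the patent text: records kept in "exposed" storage carry a tag bound to the slot and record kind the reader asked for, under a key derived per installation and per key epoch from a secret held in the small protected store. HMAC-SHA-256 stands in for the tagging technique, which the text does not name; payload encryption is omitted; the class, function, slot and epoch names are hypothetical and the sample records are constructed.

```python
import hashlib
import hmac


class ProtectedStorage:
    """Stand-in for the small hardware-protected store (assumption: it holds
    only a root secret and the current key epoch; all records are exposed)."""

    def __init__(self, root_secret: bytes, current_epoch: int, max_age: int):
        self._root = root_secret
        self.current_epoch = current_epoch
        self.max_age = max_age  # number of epochs a tag key stays acceptable

    def tag_key(self, installation_id: str, epoch: int) -> bytes:
        # Key is unique per installation and per epoch, so a record copied
        # from another installation or tagged under an aged key cannot verify.
        info = f"tag|{installation_id}|{epoch}".encode()
        return hmac.new(self._root, info, hashlib.sha256).digest()

    def epoch_is_live(self, epoch: int) -> bool:
        return 0 <= self.current_epoch - epoch <= self.max_age


def _tag_input(slot: str, kind: str, epoch: int, payload: bytes) -> bytes:
    # Length-prefix every field so ("ab", "c") and ("a", "bc") never collide.
    fields = [slot.encode(), kind.encode(), str(epoch).encode(), payload]
    return b"".join(len(f).to_bytes(4, "big") + f for f in fields)


def seal(ps, installation_id, slot, kind, payload: bytes) -> dict:
    """Produce the tagged record that is written to exposed mass storage."""
    epoch = ps.current_epoch
    key = ps.tag_key(installation_id, epoch)
    tag = hmac.new(key, _tag_input(slot, kind, epoch, payload), hashlib.sha256)
    return {"kind": kind, "epoch": epoch, "payload": payload, "tag": tag.digest()}


def verify(ps, installation_id, slot, expected_kind, record) -> str:
    """Return "ok" or the reason the record is rejected.

    slot and expected_kind come from the caller (what it asked for), never
    from the record itself; that is what defeats substitution."""
    if not ps.epoch_is_live(record["epoch"]):
        return "key epoch expired"
    key = ps.tag_key(installation_id, record["epoch"])
    expected = hmac.new(
        key,
        _tag_input(slot, expected_kind, record["epoch"], record["payload"]),
        hashlib.sha256,
    ).digest()
    if not hmac.compare_digest(expected, record["tag"]):
        return "tag mismatch"
    return "ok"


def demo() -> dict:
    """Run the checks over constructed records and return each verdict."""
    ps = ProtectedStorage(b"constructed-root-secret", current_epoch=7, max_age=2)
    node = "installation-A"  # constructed identifier
    exposed = {
        "budget/alice": seal(ps, node, "budget/alice", "budget", b"remaining=5"),
        "budget/bob": seal(ps, node, "budget/bob", "budget", b"remaining=500"),
        "audit/alice": seal(ps, node, "audit/alice", "audit", b"plays=12"),
    }
    alice = exposed["budget/alice"]
    out = {"clean": verify(ps, node, "budget/alice", "budget", alice)}
    # Tampering: the payload is edited in exposed storage.
    edited = dict(alice, payload=b"remaining=9999")
    out["tampered"] = verify(ps, node, "budget/alice", "budget", edited)
    # Substitution: another slot's validly tagged record is copied in.
    out["substituted"] = verify(
        ps, node, "budget/alice", "budget", exposed["budget/bob"])
    # Cross-kind substitution: an audit record where a budget is expected.
    out["wrong_kind"] = verify(
        ps, node, "budget/alice", "budget", exposed["audit/alice"])
    # The same bytes presented at a different installation.
    out["other_installation"] = verify(
        ps, "installation-B", "budget/alice", "budget", alice)
    # Key ageing: two epochs later the tag is still accepted, three is too old.
    ps.current_epoch = 9
    out["still_live"] = verify(ps, node, "budget/alice", "budget", alice)
    ps.current_epoch = 10
    out["aged"] = verify(ps, node, "budget/alice", "budget", alice)
    return out


if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case:20s} {verdict}")
```

Records that must outlive their key epoch have to be verified and re-sealed under the current epoch before the old one ages out.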

Detailed Description Text (2750): 

employ "templates" to ease the process of configuring capabilities of the present 
invention as they relate to specific industries or businesses. Templates are 
applications or application add-ons under the present invention. Templates support 
the efficient specification and/or manipulation of criteria related to specific 
content types, distribution approaches, pricing mechanisms, user interactions with 
content and/or administrative activities, and/or the like. Given the very large 
range of capabilities and configurations supported by the present invention, 
reducing the range of configuration opportunities to a manageable subset 
particularly appropriate for a given business model allows the full configurable 
power of the present invention to be easily employed by "typical" users who would 
be otherwise burdened with complex programming and/or configuration design 
responsibilities. Template applications can also help ensure that WAF related 
processes are secure and optimally bug free by reducing the risks associated with 
the contribution of independently developed load modules, including unpredictable 
aspects of code interaction between independent modules and applications, as well 
as security risks associated with possible presence of viruses in such modules. 
WAF, through the use of templates, reduces typical user configuration 
responsibilities to an appropriately focused set of activities including selection 
of method types (e.g. functionality) through menu choices such as multiple choice, 
icon selection, and/or prompting for method parameter data (such as identification 
information, prices, budget limits, dates, periods of time, access rights to 
specific content, etc.) that supply appropriate and/or necessary data for control 
information purposes. By limiting the typical (non-programming) user to a limited 
subset of configuration activities whose general configuration environment 
(template) has been preset to reflect general requirements corresponding to that 
user, or a content or other business model can very substantially limit 
difficulties associated with content containerization (including placing initial 
control information on content), distribution, client administration, electronic 
agreement implementation, end-user interaction, and clearinghouse activities, 
including associated interoperability problems (such as conflicts resulting from 
security, operating system, and/or certification incompatibilities). Use of 
appropriate WAF templates can assure users that their activities related to content 
WAF containerization, contribution of other control information, communications, 
encryption techniques and/or keys, etc. will be in compliance with specifications 
for their distributed WAF arrangement. WAF templates constitute preset 
configurations that can normally be reconfigurable to allow for new and/or modified 
templates that reflect adaptation into new industries as they evolve or to reflect 
the evolution or other change of an existing industry. For example, the template 
concept may be used to provide individual, overall frameworks for organizations and 
individuals that create, modify, market, distribute, consume, and/or otherwise use 
movies, audio recordings and live performances, magazines, telephony based retail 
sales, catalogs, computer software, information data bases, multimedia, commercial 
communications, advertisements, market surveys, infomercials, games, CAD/CAM 
services for numerically controlled machines, and the like. As the context 
surrounding these templates changes or evolves, template applications provided 
under the present invention may be modified to meet these changes for broad use, or 
for more focused activities. A given WAF participant may have a plurality of 
templates available for different tasks. A party that places content in its initial 
WAF container may have a variety of different, configurable templates depending on 
the type of content and/or business model related to the content. An end-user may 
have different configurable templates that can be applied to different document 
types (e-mail, secure internal documents, database records, etc.) and/or subsets of 
users (applying differing general sets of control information to different bodies 
of users, for example, selecting a list of users who may, under certain preset 
criteria, use a certain document). Of course, templates may, under certain 
circumstances have fixed control information and not provide for user selections or 
parameter data entry. 

Detailed Description Text (2754): 

provide mechanisms that allow control information to "evolve" and be modified 
according, at least in part, to independently, securely delivered further control 
information. Said control information may include executable code (e.g., load 
modules) that has been certified as acceptable (e.g., reliable and trusted) for use 
with a specific WAF application, class of applications, and/or a WAF distributed 
arrangement. This modification (evolution) of control information can occur upon 
content control information (load modules and any associated data) circulating to 
one or more WAF participants in a pathway of handling of control information, or it 
may occur upon control information being received from a WAF participant. Handlers 
in a pathway of handling of content control information, to the extent each is 
authorized, can establish, modify, and/or contribute to, permission, auditing, 
payment, and reporting control information related to controlling, analyzing, 
paying for, and/or reporting usage of, electronic content and/or appliances (for 
example, as related to usage of WAF controlled property content). Independently
delivered (from an independent source which is independent except in regards to
certification), at least in part secure, control information can be employed to
securely modify content control information when content control information has 
flowed from one party to another party in a sequence of WAF content control 
information handling. This modification employs, for example, one or more WAF 
component assemblies being securely processed in a WAF secure subsystem. In an 
alternate embodiment, control information may be modified by a senior party through 
use of their WAF installation secure sub-system after receiving submitted, at least 
in part secured, control information from a "junior" party, normally in the form of 
a WAF administrative object. Control information passing along WAF pathways can 
represent a mixed control set, in that it may include: control information that 
persisted through a sequence of control information handlers, other control 
information that was allowed to be modified, and further control information 
representing new control information and/or mediating data. Such a control set
represents an evolution of control information for disseminated content. In this 
example the overall content control set for a WAF content container is "evolving" 
as it securely (e.g. communicated in encrypted form and using authentication and 
digital signaturing techniques) passes, at least in part, to a new participant's 
WAF installation where the proposed control information is securely received and 
handled. The received control information may be integrated (through use of the 
receiving parties' WAF installation secure sub-system) with in-place control
information through a negotiation process involving both control information sets. 
For example, the modification, within the secure sub-system of a content provider's 
WAF installation, of content control information for a certain WAF content 
container may have occurred as a result of the incorporation of required control 
information provided by a financial credit provider. Said credit provider may have 
employed their WAF installation to prepare and securely communicate (directly or 
indirectly) said required control information to said content provider. 
Incorporating said required control information enables a content provider to allow 
the credit provider's credit to be employed by a content end-user to compensate for 
the end-user's use of WAF controlled content and/or appliances, so long as said 
end-user has a credit account with said financial credit provider and said credit 
account has sufficient credit available. Similarly, control information requiring 
the payment of taxes and/or the provision of revenue information resulting from 
electronic commerce activities may be securely received by a content provider. This 
control information may be received, for example, from a government agency. Content 
providers might be required by law to incorporate such control information into the 
control information for commercially distributed content and/or services related to 
appliance usage. Proposed control information is used to an extent allowed by 
senior control information and as determined by any negotiation trade-offs that 
satisfy priorities stipulated by each set (the received set and the proposed set).
WAF also accommodates different control schemes specifically applying to different 
participants (e.g., individual participants and/or participant classes (types)) in 
a network of WAF content handling participants. 
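
The evolving control set described above can be sketched as follows. This is an added example, not code from the patent: the rule names, the `modifiable_by` and `may_add` fields, and the party names are hypothetical, and HMAC with constructed demo keys stands in for the authentication and digital signature techniques the text mentions.

```python
import hashlib
import hmac
import json

# Constructed demo keys (assumption). A real system would use asymmetric
# signatures with keys held inside the secure subsystem.
KEYS = {
    "provider": b"provider-demo-key",
    "distributor": b"distributor-demo-key",
    "credit": b"credit-demo-key",
}


def sign(party, rules):
    """Authenticate a proposed rule set as coming from `party`."""
    payload = json.dumps(rules, sort_keys=True).encode()
    return hmac.new(KEYS[party], payload, hashlib.sha256).hexdigest()


def make_proposal(party, rules):
    """Package proposed control information for secure delivery."""
    return {"party": party, "rules": rules, "sig": sign(party, rules)}


def verify(proposal):
    """Reject proposals from unknown parties or with altered rules."""
    if proposal["party"] not in KEYS:
        return False
    expected = sign(proposal["party"], proposal["rules"])
    return hmac.compare_digest(expected, proposal["sig"])


def demo_control_set():
    """Senior control set placed by the content provider (constructed)."""
    return {
        "rules": {
            # The provider lets distributors change the price.
            "price_per_view": {"value": 200, "owner": "provider",
                               "modifiable_by": ["distributor"]},
            # Auditing is fixed: no later handler may change it.
            "audit_required": {"value": True, "owner": "provider",
                               "modifiable_by": []},
        },
        # Parties the provider allows to contribute new rules.
        "may_add": ["credit"],
    }


def evolve(control_set, proposal):
    """Merge a proposal into a control set to the extent the senior
    control information allows. Returns (new_set, report), where report
    labels each rule persisted, modified, added, or rejected."""
    if not verify(proposal):
        raise ValueError("proposal failed authentication")
    party = proposal["party"]
    rules = {name: dict(rule) for name, rule in control_set["rules"].items()}
    report = {name: "persisted" for name in rules}
    for name, value in proposal["rules"].items():
        if name in rules:
            if party in rules[name]["modifiable_by"]:
                rules[name]["value"] = value
                report[name] = "modified"
            else:
                report[name] = "rejected"
        elif party in control_set["may_add"]:
            # Contributed rules are fixed once added.
            rules[name] = {"value": value, "owner": party,
                           "modifiable_by": []}
            report[name] = "added"
        else:
            report[name] = "rejected"
    new_set = {"rules": rules, "may_add": list(control_set["may_add"])}
    return new_set, report


if __name__ == "__main__":
    base = demo_control_set()
    step1, r1 = evolve(base, make_proposal(
        "distributor", {"price_per_view": 150, "audit_required": False}))
    step2, r2 = evolve(step1, make_proposal(
        "credit", {"credit_account_required": True}))
    print(r1)
    print(r2)
```

The final set is the mixed control set the text describes: one rule persisted unchanged, one was modified by an authorized handler, and one was contributed by the credit provider.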

Detailed Description Text (2766) : 

support the operation of a plurality of clearinghouses, including, for example, 
both financial and user clearinghouse activities, such as those performed by a 
client administrator in a large organization to assist in the organization's use of 
a WAF arrangement, including usage information analysis, and control of WAF 
activities by individuals and groups of employees such as specifying budgets and 
the character of usage rights available under WAF for certain groups of and/or 
individual, client personnel, subject to control information series to control 
information submitted by the client administrator. At a clearinghouse, one or more 
WAF installations may operate together with a trusted distributed database 
environment (which may include concurrent database processing means). A financial
clearinghouse normally receives at its location securely delivered content usage 
information, and user requests (such as requests for further credit, electronic 
currency, and/or higher credit limit). Reporting of usage information and user
requests can be used for supporting electronic currency, billing, payment and 
credit related activities, and/or for user profile analysis and/or broader market 
survey analysis and marketing (consolidated) list generation or other information 
derived, at least in part, from said usage information. This information can be 
provided to content providers or other parties, through secure, authenticated 
encrypted communication to the WAF installation secure subsystems. Clearinghouse 
processing means would normally be connected to specialized I/O means, which may 
include high speed telecommunication switching means that may be used for secure 
communications between a clearinghouse and other WAF pathway participants. 

Detailed Description Text (2772) : 

support smart card implementations of the present invention in the form of portable 
electronic appliances, including cards that can be employed as secure credit, 
banking, and/or money cards. A feature of the present invention is the use of 
portable WAFs as transaction cards at retail and other establishments, wherein such
cards can "dock" with an establishment terminal that has a WAF secure sub-system 
and/or an online connection to a WAF secure and/or otherwise secure and compatible 
subsystem, such as a "trusted" financial clearinghouse (e.g., VISA, Mastercard).
The WAF card and the terminal (and/or online connection) can securely exchange 
information related to a transaction, with credit and/or electronic currency being 
transferred to a merchant and/or clearinghouse and transaction information flowing 
back to the card. Such a card can be used for transaction activities of all sorts. 
A docking station, such as a PCMCIA connector on an electronic appliance, such as a 
personal computer, can receive a consumer's WAF card at home. Such a station/card 
combination can be used for on-line transactions in the same manner as a WAF 
installation that is permanently installed in such an electronic appliance. The 
card can be used as an "electronic wallet" and contain electronic currency as well 
as credit provided by a clearinghouse. The card can act as a convergence point for 
financial activities of a consumer regarding many, if not all, merchant, banking, 
and on-line financial transactions, including supporting home banking activities. A 
consumer can receive his paycheck and/or investment earnings and/or "authentic" WAF
content container secured detailed information on such receipts, through on-line 
connections. A user can send digital currency to another party with a WAF 
arrangement, including giving away such currency. A WAF card can retain details of 
transactions in a highly secure and database organized fashion so that financially 
related information is both consolidated and very easily retrieved and/or analyzed. 
Because of the WAF security, including use of effective encryption, authentication, 
digital signaturing, and secure database structures, the records contained within a 
WAF card arrangement may be accepted as valid transaction records for government 
and/or corporate recordkeeping requirements. In some embodiments of the present 
invention a WAF card may employ docking station and/or electronic appliance storage 
means and/or share other WAF arrangement means local to said appliance and/or 
available across a network, to augment the information storage capacity of the WAF 
card, by for example, storing dated, and/or archived, backup information. Taxes 
relating to some or all of an individual's financial activities may be 
automatically computed based on "authentic" information securely stored and
available to said WAF card. Said information may be stored in said card, in said 
docking station, in an associated electronic appliance, and/or other device 
operatively attached thereto, and/or remotely, such as at a remote server site. A 
card's data, e.g. transaction history, can be backed up to an individual's personal 
computer or other electronic appliance and such an appliance may have an integrated 
WAF installation of its own. A current transaction, recent transactions (for 
redundancy), or all or other selected card data may be backed up to a remote backup
repository, such as a WAF compatible repository at a financial clearinghouse, during
each or periodic docking for a financial transaction and/or information 
communication such as a user/merchant transaction. Backing up at least the current 
transaction during a connection with another party's WAF installation (for example 
a WAF installation that is also on a financial or general purpose electronic 
network), by posting transaction information to a remote clearinghouse and/or bank, 
can ensure that sufficient backup is conducted to enable complete reconstruction of 
WAF card internal information in the event of a card failure or loss. 

Detailed Description Paragraph Table (1) : 

1.1 Businessl (www.businessl.com) Businessl offers a variety of products in the 
hardware, networking, architecture, infrastructure, security and development tool 
areas. These products are used as the foundation to build applications and systems. 
Businessl offers limited products with out-of-the-box functionality or application 
capabilities. Product Functionality Product Name/Category Product Details 
Application A platform for the development, delivery and management of enterprise 
Server network applications. Based on CORBA and Java, Productl uses an open and 
secure architecture to develop business applications. The Productl product family
consists of the following components: .cndot. Productl Studio - a visual integrated
development environment tool for developing Java-based applications in Productl and 
Java. It incorporates wizards and editors for creating web-based applications. 
including construction of user interface, data access and PACs. It also integrates
with source code control, testing and deployment tools, .cndot. Productl 
Application Server - a Java- and CORBA-based server that provides state and session 
management, built-in load balancing, processing of application logic and 
integration with external databases and enterprise systems, .cndot. Productl Java 
Object Framework - a framework of reusable Java and JavaBeans objects. A host of 
Productl Java classes and methods are available out-of-the-box for custom 
development, .cndot. Productl Command Center - a Java-based application that 
provides local and remote management and monitoring of the platform in real-time.
This management console provides control of the application server, with the 
ability to configure a range of properties for each server component and the 
processes within them. It can also distribute components across multiple systems 
and manage multiple configurations. The Productl product family may be extended 
through these components: .cndot. PAC SDK — Productl platform that allows 
developers to build customized Platform Adapter Components (PACs) for external 
enterprise systems, .cndot. PACs — Businessl provides a PAC for SAP and 
PeopleSoft. Businessl partners deliver other 3rd party PACs that can be purchased 
from partners directly. Internet Mail A family of Internet mail server products 
that securely handles mail messages Server (SIMS) in a variety of formats. SIMS 
also provides a secure Java Administration Console for centralized and remote 
administration, backup and restore features. SIMS is a replacement for the UNIX 
sendmail program which has been the target of frequent system break-ins. Internet 
News Targeted for internet service providers, the Internet News Server is a full- 
Server featured news server which offers user-focused interfaces, streamed 
feeder/reader design, web-based installation and administration and remote access.
The Internet News Server is a component of the Product2 ISP Server suite. Forum 
Workgroup collaboration tools that allow users to communicate in a heterogeneous 
environment of Businessl workstations, PCs and Macintosh computers. Forum allows 
users to share a whiteboard and applications with others and seamlessly transfer 
files and "chat" with co-workers. Personal Personal WebAccess — a customizable, 
compact web browser for devices that WebAccess run the PersonalJava platform. 
Personal Web Access is designed for Browser manufacturers who want to provide 
consumers with an easy way to access the Web and retrieve information from a 
variety of consumer devices, including screen phones, set-top boxes, and wireless
hand-held devices. The browser supports common internet services such as 
authentication, FTP, applets, audio and media files. Hot Java Hot Java Browser - a 
lightweight, customizable browser designed for OEMs Browser and developers who 
create web-enabled devices and applications. Products A secure, standards-based web 
server for accessing, managing, and distributing information over the Internet, 
extranets, or intranets. Products supports Java servlet development and network 
caching of web pages. Products simplifies management of website environments 
through delegation of administrative privileges such as access rights to administer 
meta-data components or load-balancing. Java Web Server The first commercially 
available Java service based on the JavaServer API framework for Java servlets. It
uses servlet technology to enable server-side Java applications and provides 
session tracking that provides a mechanism to track how people use and navigate 
websites. It also provides remote administration and logging features. Directory A 
multi-protocol, scalable global directory for storing information such as user 
Services definitions, user profiles, network resource definitions, and 
configuration parameters. It employs naming, directory, and authentication 
protocols on top of a shared, distributed, object repository. Users and 
applications can use the directory to locate and access information from anywhere 
in the network. JavaWallet Java Electronic Commerce Framework (JECF) is Businessl's
new initiative to create a standard, secure framework within which to conduct 
business transactions using any combination of currencies and payment instruments 
such as credit and debit cards, electronic cash and checks, and smart cards. The 
initial component of the JECF is the JavaWallet, a client-side application that 
will be distributed as a core component of the Java environment. JavaWallet will 
allow users of any Java-enabled web browser or operating system to purchase goods 
and services from JECF-compliant merchant websites. JavaWallet provides a single 
user interface for electronic transactions, secure from tampering. When a consumer
uses a Java-enabled browser to navigate an online mall, selects goods and services 
for purchase, he can access the JavaWallet for home banking and portfolio 
management. The consumer owns the JavaWallet that will be used to complete 
purchases and banking transactions. The user may set spending limits and can
monitor spending through an auditable transaction log. Privacy of all data is 
protected through the use of encryption and digital signatures. Merchants offer
goods and services for sale on the Internet using applets which adhere to the 
JavaWallet architecture. These applets may include interfaces to payment 
processing, security services, customer profile services and database services. The 
Java Wallet family consists of the following components: .cndot. Java Commerce 
Business (JCC) — a client side solution for eCommerce transactions. JCC provides 
users with a wallet-like user interface, a database, and a platform that enables a 
variety of payment instruments and protocols, .cndot. Commerce JavaBeans - enables 
developers to write components to extend JCC functionality such as interfacing with 
payment servers and other transaction protocols, .cndot. Gateway Security Model — 
allows a secure shield around protected APIs and components. Java Card A card that 
is embedded with either a microprocessor and a memory chip or only a memory chip 
with non-programmable logic. The microprocessor card can add, delete, and otherwise 
manipulate information on the card, while a memory-chip card can only undertake a 
pre-defined operation, echeck Server A server that allows the use of electronic 
checks for transactions. Businessl echeck server verifies digital signatures, 
processes checks according to the business rules of the bank (e.g. a check over 
$25,000 requires two signatures), returns invalid checks, and settles all valid 
checks. Product4 Product A range of security-based hardware and software that 
offers packet filtering. Suite encryption, security administration, virtual private 
network and access restriction. The Product4 Product Suite includes the following 
components: .cndot. Product4 Secure Net — a complete set of products designed to 
establish perimeter defense, secure intranets, secure remote access, and secure 
extranets including the following: .cndot. Product4 EFS - firewall and security 
server software that screens network traffic as defined by the organization's 
security policy. It also acts as a high-speed encryption server to protect 
information going over untrusted networks, .cndot. Product4 SPF-200 - security 
platform for perimeter defense and electronic commerce. It provides stealthing to 
help protect an organization from Internet attacks, .cndot. Product4 SKIP - 
provides encryption and key management capabilities which enables PCs, workstations,
and servers to achieve secure/authenticated communication. Businessl.net A remote-
access strategy and technology that enables users to securely access all 
personalized data, application and information from Java-enabled browsers. 
Businessl.net uses recently acquired i-Planet's secure, remote access software.
Calendar Server Designed to manage large-scale enterprise calendaring systems, 
Businessl's Calendar Server is integrated with Businessl Internet Mail Server and
provides the following features: .cndot. Maintenance of Personal Calendars .cndot. 
Group Scheduling .cndot. Calendar Security Products Internet A web server package 
solution that includes 

Detailed Description Paragraph Table (2) : 

third-party Internet and security Server Software products including the following: 
Bundle .cndot. Products Administration Software - provides server setup, 
configuration, and management capabilities through a browser. The Products Internet
Server can be administered remotely for user access control, email management, 
software installation and backup and recovery, .cndot. Checkpoint FireWall-First! -
firewall and security software that protects data and network from unauthorized 
access from the public Internet. It also offers packet-level filtering, .cndot. 
Trend InterScan VirusWall - virus scanning software that verifies and filters out 
viruses in communications such as files and emails that interact with the Products 
Internet Server, .cndot. Businessl Internet Mail Server - a family of Internet mail 
server products that securely handles mail messages in a variety of formats, 
.cndot. Network Associates WebStalker-First Intrusion Detection- software that 
provides around-the-clock monitoring and response to intrusions and misuse of a 
site and its files, .cndot. Business2 SuiteSpot Server including Business2's
Calendar, Chat, Enterprise, Messaging and Directory Servers, LiveWire Pro and
Product2 ISP Server Targeted for internet service providers, Businessl's Product2
ISP Server Bundle provides users with a bundle of platform extensions including the 
following: .cndot. Internet Administrator — provides secure, remote management of 
distributed ISP services .cndot. Internet Services Monitor - monitors Internet 
services, identifies and manages network problems .cndot. Directory Services — 
provides a multi-protocol, global directory for storing information .cndot. Host 
Configuration - provides ISP host configuration features including quick,
repeatable installation, Product2 security configuration, intrusion detection, 
server process monitoring, and log file management, .cndot. Product4 SKIP 
provides encryption and key management capabilities which enables PCs, 
workstations, and servers to achieve secure/authenticated communication
Network .cndot. Product2 Bandwidth Manager — a software product that enables 
efficient Management network resource management. By preventing a small number of 
Tools applications or users from consuming all available bandwidth, it ensures the 
quality of service to users and network availability to applications, .cndot. 
ProductG Enterprise Manager - Businessl's distributed network management foundation 
that manages large heterogeneous networks. Products Enterprise Manager supports and 
manages Java applications built for various network types, .cndot. Products Site 
Manager & Products Domain Manager - offer centralized management for networks of up 
to 100 nodes. Product features include the following: .cndot. Monitoring of events 
and network health for multiple local and remote environments .cndot. Distribution 
of management data .cndot. Management of file systems, print queues and user 
groups .cndot. Balancing of management processing loads across the network 
Development and Businessl offers a variety of development and testing tools 
including the Testing Tools following: Development Tools: .cndot. EmbeddedJava 
Application Environment .cndot. JavaBeans Development Kit .cndot. JavaBlend .cndot. 
Java Compiler Compiler .cndot. Java Development Kit .cndot. Java Dynamic Management 
Kit (JDMK) .cndot. JavaHelp .cndot. Java Management API (JMAPI) .cndot. Java JIT 
Compiler .cndot. Java SDK .cndot. Java Workshop .cndot. NEOWorks .cndot. Personal 
Java Application Environment .cndot. Servlet Development Kit .cndot. Products ASN.l 
Compiler .cndot. Businessl Performance Workshop Fortran .cndot. Businessl Visual 
Workshop C++ .cndot. Businessl Workshop Teamware Testing Tools: .cndot. 
JavaCheck .cndot. Java Heap Analysis Tool .cndot. JavaPureCheck .cndot. 
JavaScope .cndot. JavaSpec .cndot. JavaStar .cndot. JavaLoad System .cndot. JavaPC 
Software - provides central administration and support for the Java Management 
platform on PC-based thin client devices. JavaPC is targeted at OEMs Tools 
designing thin-client devices such as transaction terminals, cash registers, kiosks 
and ATMs, .cndot. Product2 Management Console - Java-based utility that provides 
views of servers on the network and applications on those servers. It allows 
administrators to add users, hosts or applications from any client on the network, 
.cndot. Products Backup - provides automated, backup, recovery and storage 
management services for files and applications in a wide array of systems on the 
network including UNIX, NetWare, Windows NT, PC or Apple Macintosh systems. It also 
provides centralized administration and control through a unified view, .cndot. 
Products AdminSuite — suite of tools for administering distributed systems and 
managing user accounts, hosts, groups, administrative data, printer, file system, 
disk and serial ports, .cndot. Products j Software - browser-based graphical 
administration tool that provides centralized administration of JavaStation network 
computers and Java Webtops on PCs. Product 5 j provides Java technology clients 
with connectivity to legacy databases and applications, .cndot. Businessl ProductV 
- host-based software used to monitor and administer tape libraries via a Java- 
enabled Web browser. The Library Monitor allows event logging and notification, 
remote diagnostics, remote configuration, and remote monitoring of library activity 
and status. 1.2 Business2 (www.business2.com) Business2 Communications offer a 
variety of server products that support the development and deployment of Internet 
applications. Business2 also provides applications with out-of-the-box 
functionality such as electronic commerce. Product Name/Category Product Details 
Business2 A suite of pre-built applications that run on Business2's Application
Server. Commerce These applications include buying, selling, merchandising and
delivering Productl content over the Internet: .cndot. ECPProductl - Software for 
the integration of eCommerce applications with legacy systems. It provides for the 
sending, receiving, and encrypted transmission of documents among heterogeneous 
systems of trading partners over the Internet, .cndot. SellerProductl - An 
application designed to support advanced business-to-business selling over the
Internet. SellerProductl allows for the enforcement of trading partner agreements 
and business rules. SellerProductl provides the capability to create company- 
specific catalogs which can be set up to present different products to different 
users based upon purchase eligibility. SellerProductl includes search features, 
management tools, and order management (including tax, shipping, and payment 
services.) .cndot. BuyerProductl - An Internet-based corporate procurement
application that automates order and delivery, supports complex trading 
relationships, and allows for the exchange of information via EDI or the Internet, 
.cndot. PublishingProductl - An application that utilizes both passive and active 
customer profiling capabilities to create targeted advertising, and to deliver 
personalized information for superior customer service. Content management tools 
are combined with application development tools to allow to host and deploy 
multiple sites, .cndot. MerchantProductl - An online business-to-consumer 
merchandising solution that provides the following features: .cndot. A single 
shopping cart for each customer, forms filled with predefined account information, 
tax calculation and discounts, product availability, and up-to-date order status 
information, .cndot. Payment systems, catalog creation and administration tools, an 
order management system, and rapid customization of a site's business processes
through modifiable business rules and presentation templates, .cndot. Search 
capabilities, including hierarchical menus, parametric searches by attribute, and
simple keyword searches, .cndot. BillerProductl - An Internet bill presentment and 
payment (IBPP) solution, particularly for the banking and telecommunications 
industries, .cndot. TradingProductl - A commerce exchange application that enables 
trading partners of varying size and technical sophistication to transact business 
over the Internet through in-context document turnaround capabilities, and 
customizable prepackaged forms. Business2 Product A comprehensive set of components 
that integrates browsing, email, web-based word processing, chat, and group 
scheduling to allow users to communicate, share, and access information. Business2 
Product2 includes: 

Detailed Description Paragraph Table (3) : 

.cndot. Products - web browser with support for Java, JavaScript, and SSL .cndot. 
Product4 - an Internet mail client, .cndot. Products - a web authoring tool, 
.cndot. Instant Product4 - enables people to communicate easily and privately in 
real time over an intranet or the Internet, either one-on-one or in a group, .cndot.
Calendar - delivers group scheduling based on a scalable real-time architecture. 
Browser Customization .cndot. Business2 Business Customization Kit - enables 
Internet service providers, Internet content providers, hardware OEMs, and others 
to create customized versions of Product2, .cndot. Business2 Mission Control
Desktop - cross-platform administration tools to configure, deploy, centrally 
manage, and update Business2 Product2. Business2 A high-performance, scalable web
server software for deploying the largest- Enterprise Server scale web sites. 
Business2 Enterprise Server includes a built-in search engine and supports standard 
security and authentication. The integrated LiveWire Pro software also adds content
management, data access, and session management capabilities. Business2 also offers 
FastTrack Server - an entry-level enterprise server with limited functionality. 
Business2 A middleware infrastructure that supports the development and deployment
of Application transactional, business-critical Internet applications. Business2 
Application Server Server operates with other Business2 products and includes the 
following two development tools: .cndot. Application Builder - provides an 
integrated and productive web development environment that enables developers to 
rapidly deliver enterprise-class web applications, .cndot. Extension Builder - 
allows corporations to develop custom integration with heterogeneous systems and 
applications across the enterprise. Business2 Directory A directory server that 
acts as the central repository for customer, supplier and Server employee
information. Business2 Directory Server enables the integration, storage and 
management of directory information from disparate data sources. It also provides 
security, authentication and replication features. A Directory Software Developer's
Kit provides application programming interfaces that enable developers to 
directory-enable their applications. Business2 Proxy A system for caching and 
filtering web content, log analysis, and boosting Server network performance. 
Business2 Calendar A calendar server that supports the scheduling of meetings, 
appointments, and Server resources for thousands of users. Business2 Chat A 
newsgroup server that provides collaboration services through discussion Server 
groups. Business2 Chat Server also supports the moderation of content and 
administration of discussion groups. Business2 An email server that delivers 
messages with embedded sound, graphics, video Messaging Server files, HTML forms, 
Java applets, and desktop applications. Other Directory Business2 sells a range of 
products that provide a user and security & Security management infrastructure for 
large-scale eCommerce, extranet, and intranet Products applications. . cndot . 
Business2 Certificate Management System - issues and manages digital certificates 
for extranet and e-commerce applications, .cndot. Business2 Directory for Secure E- 
Commerce - expands the capabilities of Business2 Directory Server to provide 
additional flexibility of user and security administration for large-scale commerce 
and extranet applications, .cndot. Business2 Delegated Administrator - provides 
customizable self- service administration for customers and partners to manage 
their own user and account information, .cndot. Business2 Meta-Directory - enables 
Business2 Directory Server to be automatically synchronized with relational 
databases as well as network operating system, messaging, and enterprise resource 
planning system directories .cndot. Business2 Security Services - enables 
developers to incorporate standard Internet security technologies into 
applications. Other Business2 .cndot. Process Manager - Enables enterprises to 
automate and modify business Products processes such as contract negotiation, 
bidding and contractor management. Business2 Process Manager supports the 
develpoment and deployment of processes across extranerts and intranets, and 
manages them for overall efficiency and precision. Process Manager has four 
components: .cndot. Business2 Process Manager Builder - a visual design environment 
for designing business processes using intuitive features such as drag-and-drop 
functionality and pick lists. Processes may be stored in Business2*s Directory 
Server, .cndot. Business2 Process Manager Engine - the server-based engine that 
hosts processes designed with PM Builder, .cndot. Business2 Process Manager Express 
- browser-based user interface to Process Manager business processes, .cndot. 
Business2 Process Manager Administrator - browser-based interface for centrally 
managing Process Manager business processes, .cndot. Compass Server - A profiling 
server that offers search, browser and profiling capabilities to help 
administrators gather and organize enterprise resources scattered across intranets 
so that users can find and retrieve information more efficiently, .cndot. Media 
Server - An audio publishing, broadcasting, and receiving system that enables the 
creation and delivery of media-rich information, both inside and outside the 
enterprise. Media server includes four components: .cndot. Media Server - play 
real-time audio feels, provide on-demand access to pre-recorded audio clips, and 
synchronize audio with HTML documents, Java applets, and JavaScript applications, 
.cndot. Media Proxy Server - a transparent intermediary between Media Player and 
Media Servers which provides safe passage through the firewall for audio 
connections and operates as a reverse-proxy outside a firewall, .cndot. Media 
Converter - compresses and converts different audio formats, .cndot. Media Player - 
a plug-in needed to access audio files or a live feed from a Media Server. 1.3 
Business3 (www.business3.com)

Business3 primarily provides Internet services for web users. It offers a variety
of services including internet access, portal sites, links to online shopping, and
chatting. Business3 offers a very limited set of Internet products as it focuses on
providing Internet services.

Product Name/Category: Product Details

Business3 NetMail: A software application that allows Business3 users to access
their Business3 mail through a standard web browser without any Business3 software.

Business3press: A web publishing tool which may be published to any web server.
Business3press offers the following capabilities:
- WYSIWYG editing
- Simple interfaces for creating forms and image maps
- Integrated browsing and editing simultaneously
- "Check Links" function to fix broken links
- Database interaction
- Permissions setting
- Work archive
- MiniWeb - site management tool that provides graphical overview of website
  structure. It provides a mechanism to save or move multiple pages while
  maintaining appropriate links.

Business3server: A multi-threaded web and publishing server that provides the
following capabilities:
- Serves HTML pages and other media files
- Runs CGI scripts and processes server-side includes
- Platform for dynamic web applications: Business3server Dynamic Pages (ADPs)
- Supports Business3server's C and Tcl scripting and APIs
- Supports database connectivity
- Allows users to edit content across the network with Business3press or other
  authoring tools
- Provides C API plug-in that can be used to serve and rotate web advertisements,
  as on Business3's site
- Supports simultaneous connections through multi-threading and in-memory caching
- Supports site administration tasks including account management, document
  management (automatic version control and archiving), link management, and access
  control
- Web-based server and page administration
- Provides support for Art Technology Group's Dynamo server

Business3server is used extensively on Business3's sites and a number of other
Internet sites including the following: primehost.com, Business3.com,
digitalcity.com, tile.net, am.net, worldpages.com.

Client3 Instant Product1: A software application that provides online chatting
capabilities, directory services for user profiles, and personalized news.

Client3 Browser: A browser based upon Microsoft's Internet Explorer which supports
common internet services such as graphics, sound, meta-tags, plug-ins, security,
FTP, HTTP.

Client3 Client: A software application installed on end-user's machines to obtain
access to Business3's private network. Business3 Business communicates with a host
in Virginia through a proprietary protocol.

Client3 Caching: A server software that determines if a web page object should be
cached and

An automated product purchasing system allows purchasers to order products via a 
remote communications medium without having to speak to a sales representative or 
other human operator. According to the invention, purchasers access the automated 
product purchasing system and browse among the selections offered. Menu style 
prompts guide the customer through the various products offered by the automated 
product purchasing system. Product descriptions are provided to assist the customer 
in making his or her selections. Where appropriate, product samples are provided to 
the customer via the communications medium so the customer can evaluate the product 
prior to purchasing. Examples of product samples include movie previews, sample cuts 
from music tracks, software demos, and the like. Ordering and purchasing are 
automated so that human operators are not required to intervene in the process. The 
use of a membership profile with important customer information facilitates the 
automation of the process and minimizes the amount of times a repeat customer needs 
to provide this information. 

ABSTRACT: 



Participant servers in a network of customers, suppliers and other trading partners 
exchange machine readable documents. The participants in the network use self 
defining electronic documents, such as XML based documents, which can be easily 
understood amongst the partners. Definitions of the electronic business documents, 
called business interface definitions, are posted on the Internet, or otherwise 
communicated to members of the network. The business interface definitions tell 
potential trading partners the services the company offers and the documents to use 
when communicating with such services. Thus, a typical business interface definition 
allows a customer to place an order by submitting a purchase order or a supplier 
to check availability by downloading an inventory status report. Participants are 
programmed by the composition of the input and output documents, coupled with 
interpretation information in a common business library, to handle the transaction 
in a way which closely parallels the way in which paper based businesses operate. 

A system and method are disclosed for finding and serving consumer product-related 
information over the Internet to consumers in retail shopping environments, as well 
as at home and work, and on the road. The system includes Internet information 
servers which store information pertaining to Universal Product Number (e.g. UPC 
number) preassigned to each consumer product registered with the system, along with 
a list of Uniform Resource Locators (URLs) that point to the location of one or more 
information resources on the Internet, e.g. World Wide Web-sites, which relate to 
such registered consumer products. Upon entering the UPC number into the system 
using a conventional Internet browser program running on any computing platform or 
system, the menu of URLs associated with the entered UPC number is automatically 
displayed for user selection. The displayed menus of URLs are categorically arranged 
according to specific types of product information such as, for example: product 
specifications and operation manuals; product wholesalers and retailers; product 
advertisements and promotions; product endorsements; product updates and reviews; 
product warranty/servicing; related or complementary products; product incentives 
including rebates, discounts and/or coupons; manufacturer's annual report and 10K 
information; electronic stock purchase; etc. Web-based techniques are disclosed for 
collecting the UPC/URL information from manufacturers and transmitting the same to 
the Internet-based databases of the system. 

Authentication of images from digital cameras with GPS-derived time and location data 
is disclosed. With the wide-spread availability of today's desktop tools and imaging 
devices, unethical manipulation of digital image data is common, such that digital 
images are not ordinarily reliable and can be subject to trickery and forgery. In 
the past, imagery such as photographs and digital images were reliable enough to 
serve as documentary evidence in most cases, since a skilled craftsman was needed to 
modify the images and commit fraud. However, skilled craftsmen are no longer needed, 
and digital images can be modified by even a casual user. Moreover, time data and 
location data are not ordinarily included in digital images. According to the 
invention, a digital camera system documents the time, date and location where a 
digital image was taken, using GPS-derived data from a secure connection. The 
validity and authenticity of the digital image, as well as the time data and 
location data, is then protected with a public key signature system that provides a 
digital signature by which the image and time and location information can be 